From 104e10ac627dbb7bda44bd9b2cd056a36197cda4 Mon Sep 17 00:00:00 2001
From: Liam Thompson <32779855+leemthompo@users.noreply.github.com>
Date: Thu, 24 Apr 2025 09:58:40 +0200
Subject: [PATCH 1/4] [DOCS] Update esql-lookup-join.md
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- I trimmed the KEEP query in my final iteration in https://github.com/elastic/elasticsearch/pull/127215 but neglected to update the query itself, only the response. This fixes that so the query matches the response.

- 🚘 I also updated the table response to match other ESQL response tables
---
 .../query-languages/esql/esql-lookup-join.md       | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/docs/reference/query-languages/esql/esql-lookup-join.md b/docs/reference/query-languages/esql/esql-lookup-join.md
index 163323aa0d1bc..dc01cd2b0f9f7 100644
--- a/docs/reference/query-languages/esql/esql-lookup-join.md
+++ b/docs/reference/query-languages/esql/esql-lookup-join.md
@@ -122,7 +122,7 @@ FROM firewall_logs # The source index
 | LOOKUP JOIN threat_list ON source.ip # The lookup index and join field
 | WHERE threat_level IS NOT NULL # Filter for rows non-null threat levels
 | SORT timestamp # LOOKUP JOIN does not guarantee output order, so you must explicitly sort the results if needed
-| KEEP timestamp, source.ip, destination.ip, action, threat_level, threat_type # Keep only relevant fields
+| KEEP source.ip, action, threat_type, threat_level # Keep only relevant fields
 | LIMIT 10 # Limit the output to 10 rows
 ```
 
@@ -130,13 +130,11 @@ FROM firewall_logs # The source index
 
 A successful query will output a table. In this example, you can see that the `source.ip` field from the `firewall_logs` index is matched with the `source.ip` field in the `threat_list` index, and the corresponding `threat_level` and `threat_type` fields are added to the output.
 
-```
-   source.ip   |    action     |  threat_type  | threat_level  
----------------+---------------+---------------+---------------
-203.0.113.5    |allow          |C2_SERVER      |high           
-198.51.100.2   |block          |SCANNER        |medium         
-203.0.113.5    |allow          |C2_SERVER      |high        
-```
+|source.ip|action|threat_type|threat_level|
+|---|---|---|---|
+|203.0.113.5|allow|C2_SERVER|high|
+|198.51.100.2|block|SCANNER|medium|
+|203.0.113.5|allow|C2_SERVER|high|
 
 ### Additional examples
 

From 28330479ee6469178fd1dc40ab2cc7b2dd3b6f51 Mon Sep 17 00:00:00 2001
From: Liam Thompson <leemthompo@gmail.com>
Date: Wed, 18 Jun 2025 10:00:11 +0200
Subject: [PATCH 2/4] Fix preview URLs path structure

---
 .github/workflows/docs-preview-comment.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/docs-preview-comment.yml b/.github/workflows/docs-preview-comment.yml
index f821e402dc865..25ded1f915624 100644
--- a/.github/workflows/docs-preview-comment.yml
+++ b/.github/workflows/docs-preview-comment.yml
@@ -35,8 +35,8 @@ jobs:
                 !/(^|\/)_snippets\//i.test(f.filename)
               )
               .map(f => {
-                let p = f.filename.replace(/\/index\.md$/i, '/');
-                if (p === f.filename) p = p.replace(/\.md$/i, '');
+                let p = f.filename.replace(/^docs\//, '').replace(/\/index\.md$/i, '/');
+                if (p === f.filename.replace(/^docs\//, '')) p = p.replace(/\.md$/i, '');
                 return `- [\`${f.filename}\`](${base}/${p})`;
               });
             if (!links.length) return;  // nothing to do
@@ -68,4 +68,4 @@ jobs:
                 issue_number: prNum,
                 body
               });
-            }
+            }
\ No newline at end of file

From 8997bc42ef7f7750f07d94f0c1aff66c399f09f7 Mon Sep 17 00:00:00 2001
From: Liam Thompson <leemthompo@gmail.com>
Date: Wed, 18 Jun 2025 10:00:29 +0200
Subject: [PATCH 3/4] test change

---
 docs/reference/query-languages/esql.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/docs/reference/query-languages/esql.md b/docs/reference/query-languages/esql.md
index 034794af7d8e9..8f1b9dfc1a581 100644
--- a/docs/reference/query-languages/esql.md
+++ b/docs/reference/query-languages/esql.md
@@ -6,6 +6,8 @@ mapped_pages:
 
 # {{esql}} reference [esql-language]
 
+foo bar baz testy test
+
 :::{note}
 This section provides detailed **reference information** about the {{esql}} language, including syntax, functions, and operators.
 

From 71a0494e13796c1c9ebabe1278f60cddf0402208 Mon Sep 17 00:00:00 2001
From: Liam Thompson <leemthompo@gmail.com>
Date: Wed, 18 Jun 2025 10:04:04 +0200
Subject: [PATCH 4/4] remove test changes needs to be in follow up PR

---
 docs/reference/query-languages/esql.md | 2 --
 1 file changed, 2 deletions(-)

diff --git a/docs/reference/query-languages/esql.md b/docs/reference/query-languages/esql.md
index 8f1b9dfc1a581..034794af7d8e9 100644
--- a/docs/reference/query-languages/esql.md
+++ b/docs/reference/query-languages/esql.md
@@ -6,8 +6,6 @@ mapped_pages:
 
 # {{esql}} reference [esql-language]
 
-foo bar baz testy test
-
 :::{note}
 This section provides detailed **reference information** about the {{esql}} language, including syntax, functions, and operators.